These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its operations, the scale of infections was significantly larger — and it was quite typical to see hundreds of thousands of websites affected by the same malware. This was mostly because […]
Tag Archives: Website Security
How to Improve Ecommerce Security
If you have an ecommerce website, you are certainly concerned about its security. Business revenue depends on your online presence and having a website compromise is far from desirable. In order to have a successful ecommerce business, you need to follow the requirements outlined by the Payment Card Industry Data Security Standards (PCI DSS). The […]
Internet Cookies: What Are They and Are They Good or Bad?
Cookies! I LOVE Cookies. Oatmeal raisin are one of my particular favorite flavors. However, we’re not here to talk about baked goods as much as I’d love to. We’re here to talk about itty bitty little files stored on your local machine, also called cookies. We’ve often come across several users inquiring about what they […]
How Domain Expiration Can Potentially Disrupt Other Websites
A website owner recently reached out to us about a pop-up advertisement problem on their website which occurred any time someone clicked anywhere on the web page. This irritating pop-up didn’t come from malware placed in the website’s files or database, but rather from a single JavaScript source that the owner added to a widget: […]
The Largest DDoS Attacks & What You Can Learn From Them
A DDoS (Distributed Denial of Service) is an attack that focuses on making the website unavailable to its legitimate users. DDoS attacks can produce service interruptions, introduce large response delays, and cause various business losses. Denial-of-Service Attacks result in two ways —they either flood services or crash services. Attackers execute DDoS through computers and smart devices. […]
Sucuri Can Help Secure Your Client Websites
At Sucuri, we understand that most web professionals and web agencies ultimately need to make their clients part of the decision-making process for choosing to secure their sites. Overall, website security sounds like a good thing, but how do you position the value of Sucuri’s website security to clients who don’t know (or even care […]
What Hackers Do After Gaining Access to a Website
A hack or cyber attack is the act of maliciously entering, taking control over, or manipulating by force a web application, server, or file that belongs to someone else. Cyber attacks will: modify files, retrieve information, insert commands or scripts, change the way your website and Google Search Results look to visitors. What Do Hackers […]
How to Create a Website Maintenance Plan & Contract
In my years of experience working alongside agencies, I’ve realized that managed providers and other web pros who offer website maintenance to their clients, have a hard time convincing them on the value of managed services. It’s a common mindset. Much like the homeowner who is unwilling to invest in a rock solid insurance policy […]
Trolldesh Ransomware Dropper
Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper: hxxp://doolaekhun[.]com/cgi-bin/[redacted].php This type of infected URL is usually spread through malicious emails or through services like social […]
Magento Skimmers: From Atob to Alibaba
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively. The campaign used a variety of different domain names and targeted all sorts […]
